Archive for the 'O4' Category

What is regsvr.exe, How to remove regsvr.exe

Friday, December 4th, 2009

regsvr.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: regsvr
Filename: regsvr.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | Msn Messsenger

Command: C:\Windows\System32\regsvr.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [Msn Messsenger] C:\Windows\System32\regsvr.exe

DDS Line:

uRun: [Msn Messsenger] C:\Windows\System32\regsvr.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“Msn Messsenger”=C:\Windows\System32\regsvr.exe

Description: trojan also known as W32.Imaut [Symantec], Worm.Win32.AutoIt.x, not-a-virus:Monitor.Win32.Ardamax.ae [Kaspersky Lab], W32/Autorun.worm.bm [McAfee], Mal/Generic-A [Sophos], VirTool:Win32/ModTool.A [Microsoft]

How to remove: use HijackThis + Kaspersky virus removal tool

What is reader_s.exe, How to remove reader_s.exe

Thursday, December 3rd, 2009

reader_s.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: reader_s
Filename: reader_s.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | reader_s
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | reader_s

Command:

%WinDir%\System32\reader_s.exe
%UserProfile%\reader_s.exe

Startup Type: O4
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe
O4 – HKCU\..\Run: [reader_s] C:\Documents and Settings\user\reader_s.exe

DDS Line:

mRun: [reader_s] C:\WINDOWS\System32\reader_s.exe
uRun: [reader_s] C:\Documents and Settings\user\reader_s.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“reader_s”=C:\WINDOWS\System32\reader_s.exe
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“reader_s”=C:\Documents and Settings\user\reader_s.exe

Description: component of Virut virus also known as W32.Virut.CF [Symantec], W32/Scribble-B [Sophos], Virus.Win32.Virut.ce [Kaspersky Lab], Virus:Win32/Virut.BM [Microsoft], W32/Virut.n.gen [McAfee]

How to remove: use Kaspersky virus removal tool + Dr.Web CureIt

What is winssled.exe, How to remove winssled.exe

Thursday, December 3rd, 2009

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: winssled
Filename: winssled.exe
Registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon | Taskman
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | shccde

Command: C:\Windows\winssled.exe
Startup Type: HKCU->Run, Winlogon\TaskMan
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [shccde] C:\Windows\winssled.exe

DDS Line:

uRun: [shccde] C:\Windows\winssled.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“shccde”=C:\Windows\winssled.exe

Description: a trojan also known as Malware.Virut [PCTools], W32.Virut.CF [Symantec], Trojan.Win32.Buzus.cqmu [Kaspersky Lab], Trojan:Win32/Lethic.B [Microsoft]

How to remove: use HijackThis + Kaspersky virus removal tool

What is AntiKeep.exe, How to remove AntiKeep.exe

Thursday, December 3rd, 2009

AntiKeep.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: AntiKeep
Filename: AntiKeep.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | AntiKeep.exe

Command: C:\Program Files\AntiKeep Software\AntiKeep\AntiKeep.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [AntiKeep.exe] C:\Program Files\AntiKeep Software\AntiKeep\AntiKeep.exe

DDS Line:

uRun: [AntiKeep.exe] C:\Program Files\AntiKeep Software\AntiKeep\AntiKeep.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“AntiKeep.exe”=C:\Program Files\AntiKeep Software\AntiKeep\AntiKeep.exe [2009-12-03 1638400]

Description: core component of AntiKeep. AntiKeep is a rogue antispyware program.

How to remove: use these AntiKeep removal instructions.

What is algqeh32.exe, How to remove algqeh32.exe

Tuesday, December 1st, 2009

algqeh32.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: algqeh32
Filename: algqeh32.exe
Command: %UserProfile%\Start Menu\Programs\Startup\algqeh32.exe
Startup Type: Startup folder
HijackThis Category: O4
HijackThis Line:

O4 – Startup: algqeh32.exe

Combofix/RSIT Line:

C:\Documents and Settings\user\Start Menu\Programs\Startup
algqeh32.exe

Description: trojan

How to remove: use HijackThis + manually remove the file.

What is psecurity.exe, How to remove psecurity.exe

Tuesday, December 1st, 2009

psecurity.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: psecurity
Filename: psecurity.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | PSecurity

Command: C:\Program Files\PSecurity\psecurity.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [PSecurity] C:\Program Files\PSecurity\psecurity.exe

DDS Line:

uRun: [PSecurity] C:\Program Files\PSecurity\psecurity.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“PSecurity”=C:\Program Files\PSecurity\psecurity.exe [2009-12-01 1268224]

Description: core component of Personal Security. Personal Security is a rogue antispyware program.

How to remove: use these Personal Security removal instructions.

What is photo_id.exe, How to remove photo_id.exe

Tuesday, December 1st, 2009

photo_id.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: photo_id
Filename: photo_id.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | photo_id
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | photo_id

Command:

C:\WINDOWS\system32\photo_id.exe
%UserProfile%\photo_id.exe
C:\WINDOWS\system32\config\systemprofile\photo_id.exe

Startup Type: HKLM->Run, HKCU->Run
HijackThis Category:
HijackThis Line:

O4 – HKLM\..\Run: [photo_id] C:\WINDOWS\system32\photo_id.exe
O4 – HKCU\..\Run: [photo_id] C:\Documents and Settings\user\photo_id.exe
O4 – HKUS\S-1-5-18\..\Run: [photo_id] C:\WINDOWS\system32\config\systemprofile\photo_id.exe (User ‘SYSTEM’)
O4 – HKUS\.DEFAULT\..\Run: [photo_id] C:\WINDOWS\system32\config\systemprofile\photo_id.exe (User ‘Default user’)

DDS Line:

mRun: [photo_id] C:\WINDOWS\system32\photo_id.exe
uRun: [photo_id] C:\Documents and Settings\user\photo_id.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“photo_id”=C:\WINDOWS\system32\photo_id.exe
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“photo_id”=C:\Documents and Settings\user\photo_id.exe

Description: trojan

How to remove: use HijackThis + Malwarebytes' Anti-Malware

What is herss.exe, How to remove herss.exe

Tuesday, December 1st, 2009

herss.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: herss
Filename: herss.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | cdoosoft

Command: %Temp%\herss.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [cdoosoft] %Temp%\herss.exe

DDS Line:

uRun: [cdoosoft] %Temp%\herss.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“cdoosoft”=%Temp%\herss.exe

Description: trojan also known as Trojan-GameThief.Win32.Magania.cmla [Kaspersky Lab], Mal/Taterf-A [Sophos], Worm:Win32/Taterf.B [Microsoft], Trojan.Win32.Inhoo [Ikarus]

How to remove: use HijackThis + these autorun.inf trojans removal instructions.

What is wind7upd.exe, How to remove wind7upd.exe

Tuesday, December 1st, 2009

wind7upd.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: wind7upd
Filename: wind7upd.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run | Microsoft Driver Setup
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Microsoft Driver Setup

Command: C:\Windows\wind7upd.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [Microsoft Driver Setup] C:\Windows\wind7upd.exe
O4 – HKLM\..\policies\Explorer\Run: [Microsoft Driver Setup] C:\Windows\wind7upd.exe

DDS Line:

mRun: [Microsoft Driver Setup] C:\Windows\wind7upd.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]
“Microsoft Driver Setup”=C:\Windows\wind7upd.exe
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“Microsoft Driver Setup”=C:\Windows\wind7upd.exe

Description: trojan downloader

How to remove: use HijackThis + Malwarebytes' Anti-Malware

What is AntiAdd.exe, How to remove AntiAdd.exe

Tuesday, December 1st, 2009

AntiAdd.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: AntiAdd
Filename: AntiAdd.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | AntiAdd.exe

Command: C:\Program Files\AntiAdd Software\AntiAdd\AntiAdd.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [AntiAdd.exe] C:\Program Files\AntiAdd Software\AntiAdd\AntiAdd.exe

DDS Line:

uRun: [AntiAdd.exe] C:\Program Files\AntiAdd Software\AntiAdd\AntiAdd.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“AntiAdd.exe”=C:\Program Files\AntiAdd Software\AntiAdd\AntiAdd.exe [2009-12-01 1638400]

Description: core component of AntiAdd. AntiAdd is a rogue antispyware program.

How to remove: use these AntiAdd removal instructions.